A few weeks ago, we got to know of a massive breach at a US-based restaurant affecting around half a million customers. Once again, a similar incident occurred at US-based restaurant Burgerville. The restaurant allegedly exposed customers’ card data to attackers who allegedly belong to the infamous Fin7 group.

Burgerville Disclosed Data Breach

According to the information disclosure on the website of Burgerville, the restaurant suffered a cyber attack affecting a number of customers. The hackers allegedly placed malware on the restaurant’s systems through which they continued to extract customers’ payment data.

Burgerville first came to know the breach on August 22, 2018, after an FBI report. They then continued cooperating with FBI alongside conducting their own investigations to find the extent of the breach. They reportedly found continued access by the hackers on their systems up until September 19, 2018.

Regarding the data compromised during the incident, the restaurant stated,

“Over the course of the investigation, it was determined that some of Burgerville’s customers’ credit and debit card information, including names, card numbers, expiration dates, and the CVV numbers found on the back of most cards may have been compromised.”

They confirm that personal data remained safe during the breach.

Fin7 Hacking Group Held Responsible

Burgerville have named the infamous hacker group Fin7 responsible for this attack. As stated in their FAQs, the U.S. Dept. of Justice issued a press release on August 1, 2018, in which they pointed out a “wave of attacks” affecting several firms located in Western Washington. That includes Burgerville too.

Presently, they have not specified the number of affected customers by this incident. They again hold Fin7 responsible for it.

“This was a sophisticated attack in which the hackers effectively concealed all digital traces of where they have been. However, in an abundance of caution, Burgerville recommends that anyone who visited their restaurants between September 2017 and September 2018 should consider that their data may have been compromised.”

Nonetheless, they did explain the reason for such late disclosure of the breach. As stated, they completed the “remediation process” on September 30, 2018, only. They had to hold the disclosure until then to not alert the hackers.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Related

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]